[Serusers] symmetric nat/ broadband routers

Ricardo Villa ricvil at epm.net.co
Thu Dec 4 22:14:46 CET 2003


It's 2.4.18.  So it could have been another problem here.  All that we know is
that we first tested here and then tested on a D-Link 604.  Both failed so
we switched to plan B, which was to make the UA generate the ping.  After
that all our UAs have worked perfectly with the rtpproxy.

----- Original Message ----- 
From: "Nils Ohlmeier" <nils at ohlmeier.de>
To: "Ricardo Villa" <ricvil at epm.net.co>; "Jan Janak" <jan at iptel.org>; "Hans
Eriksson" <hansa at mac.com>
Cc: "Klaus Darilion" <darilion at ict.tuwien.ac.at>; <serusers at lists.iptel.org>
Sent: Thursday, December 04, 2003 3:45 PM
Subject: Re: [Serusers] symmetric nat/ broadband routers


> On Thursday 04 December 2003 21:22, Ricardo Villa wrote:
> > In our lab we have a RH7.3 box with iptables firewall and NAT.  When we
> > were initially testing the nathelper module we found out that external
> > pings did NOT keep the sessions alive on this box.  Only pings going from
> > inside towards the internet.  At that point we decided to simply rely on
> > the ability of devices like the ATA186 and GS phones to send a SIP Dummy
> > packet from behind the NAT in order to keep the sessions alive.  So far
> > this approach has worked 100%.  It is possible that the Linux box just
> > needed some tweaking, but we needed a solution that worked seamlessly with
> > all customers.
>
> I do not know which kernel version RH7.3 uses, but for Linux kernel version
> 2.4 this is not true. I have a Linux router with 2.4 kernel as NAT box
> running. And a phone behind this NAT is perfectly reachable, because the NAT
> pings keep the connection tracking open. The default timeout for established
> UDP connections is 180 seconds. If the natpinger is below that value it
> keeps the hole open. At least for me :-)
>
> Greets
>   Nils
>
> > I believe we also tested another common broadband home router and it behaved
> > the same way.
> >
> > Regards,
> > Andres
> >
> >
> > ----- Original Message -----
> > From: "Jan Janak" <jan at iptel.org>
> > To: "Hans Eriksson" <hansa at mac.com>
> > Cc: "Klaus Darilion" <darilion at ict.tuwien.ac.at>; <serusers at lists.iptel.org>
> > Sent: Thursday, December 04, 2003 3:09 PM
> > Subject: Re: [Serusers] symmetric nat/ broadband routers
> >
> > > On 04-12 18:12, Hans Eriksson wrote:
> > > > Klaus,
> > > >
> > > > Many commercial grade firewalls do not keep sessions alive, regardless
> > > > of external pings, so it won't work in rather too many cases.
> > >
> > >   Which firewalls behave this way, do you have any particular in mind?
> > >   What makes you think that many firewalls require traffic from inside to
> > >   keep the mapping open?
> > >
> > >    Jan.
> > >
> > > _______________________________________________
> > > Serusers mailing list
> > > serusers at lists.iptel.org
> > > http://lists.iptel.org/mailman/listinfo/serusers
> >
>
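
The two NAT behaviours this thread disagrees about, modelled as an added example (not code from SER, nathelper or any poster): a UDP binding whose timer is refreshed by any packet versus one refreshed only by traffic from the inside. The 180 s timeout is the figure quoted above; the 30 s ping interval, the 600 s test window and all names are assumptions.

```python
UDP_TIMEOUT = 180  # seconds; the conntrack figure quoted in the thread


class NatBinding:
    """One UDP mapping on a simulated NAT (a model, not real conntrack code)."""

    def __init__(self, refresh_on_inbound, timeout=UDP_TIMEOUT):
        self.refresh_on_inbound = refresh_on_inbound  # True: any packet resets the timer
        self.timeout = timeout
        self.last_refresh = 0  # binding created by the UA's REGISTER at t=0

    def alive(self, now):
        return now - self.last_refresh < self.timeout

    def packet(self, now, outbound):
        """Pass one packet through the NAT; return True if it is forwarded."""
        if not self.alive(now):
            if not outbound:
                return False          # mapping expired: inbound packet is dropped
            self.last_refresh = now   # outbound traffic opens a fresh binding
            return True               # (a possible new external port is not modelled)
        if outbound or self.refresh_on_inbound:
            self.last_refresh = now
        return True


def reachable_after(nat, duration, interval, ping_from_inside):
    """Send a keepalive every `interval` s, then try an inbound INVITE at `duration`."""
    for t in range(interval, duration, interval):
        nat.packet(t, outbound=ping_from_inside)
    return nat.packet(duration, outbound=False)


if __name__ == "__main__":
    cases = [
        ("any-traffic refresh, server pings every 30 s", True, 30, False),
        ("outbound-only refresh, server pings every 30 s", False, 30, False),
        ("outbound-only refresh, UA keepalive every 30 s", False, 30, True),
        ("any-traffic refresh, server pings every 240 s", True, 240, False),
    ]
    for label, refresh_on_inbound, interval, from_inside in cases:
        ok = reachable_after(NatBinding(refresh_on_inbound), 600, interval, from_inside)
        print(f"{label}: phone {'reachable' if ok else 'NOT reachable'} at t=600")
```

Keepalives sent by the UA keep the phone reachable under both refresh policies, which is why a deployment that cannot control the customer's NAT would pick them.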